pfSense

Some ISPs using VLANs for service, require DHCPv4/v6 Frames to be 802.1p priority tagged.
pfSense has the option to do this by either:
- Setting VLAN priority tagging in the Interface DHCP options (if you are not using Advanced configuration or a predefined configuration file)
- If using advanced configuration: By adding “vlan-pcp x” in the advanced modifier options.

BUG:
This priority setting in only used in DISCOVER and RELEASE frames sent by dhclient - NOT in RENEW or REBIND.

This is now causing major problems in France where Orange (Major ISP) has upgraded to also requiring the RENEW frames to be properly VLAN Priority tagged.
This causes the uplink to stop working when a renew is due. (About once a day)

I don’t know if the issue is the same in DHCPv6

The issue was patched in OPNsense about a month ago, and they decided to drop the advanced options overwrite of the VLAN priority setting in interface DHCP options.
Instead they let the user choose if VLAN priority should be used via the interface DHCP VLAN Priority setting already available.
If selected it would - apart from adding “vlan-pcp x” to the dhclient config - also set the priority tag in the builtin pffilter rule that passes Interface DHCP client traffic. This adds the tag to RENEW and REBIND frames.

The issue occurs because dhclient uses a bfg interface for DISCOVER and RELEASE - thus respecting the vlan-pcp settings. But for RENEW it uses a simple socket, and that causes it not to be tagged correctly. In pfSense you cannot create a floating match rule to manually tag the traffic that has higher priority than the builtin pass quick rule for the interface DHCP client.